On Friday, December 10, 2021, VMware released VMware Security Advisory VMSA-2021-0028, which affects numerous VMware products, including vCenter Server. The advisory concerns the Apache Log4j vulnerability CVE-2021-44228, which has a CVSSv3 score of 10 out of 10.
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
FAQ: https://via.vmw.com/vmsa-2021-0028-faq
Unaffected VMware products are listed in the Knowledge Base article: https://kb.vmware.com/s/article/87068
VMware Blog “Investigating the Log4j Vulnerability”: https://blogs.vmware.com/security/2021/12/investigating-cve-2021-44228-log4shell-vulnerability.html
The key takeaway is that IMMEDIATE ACTION IS REQUIRED. The workaround should be applied to all running products immediately.
This vulnerability is being actively exploited in the wild and should be treated as an emergency change with the highest priority.
This vulnerability is in the open-source Apache Log4j Java logging library, which is used in numerous software packages. This is not a VMware-specific issue.
Additional background information:
Tech Solvency Log4Shell log4j vulnerability (CVE-2021-44228) – cheat-sheet reference guide
#vCommunity – Get involved on Twitter:
@ShanFitz, @vMiklm, @DerrickSkipwith, @BhamVMUG, @myVMUG, @vExpert, @VMware, @VMworld
VMworld session replays:
MCL1833 – 10 Things You Need to Know About Project Monterey
MCL1853 – 60 Minutes of Non-Uniform Memory Access (NUMA) 3rd Edition
MCL3222 – VMware Cloud on AWS Outposts: Bring VMware Cloud to Your Data Center
MCL1635 – Extreme Performance Series: Performance Best Practices (vSphere 7 Performance Best Practices Whitepaper)
MCL1277 – A Big Update on vRealize Operations (also recommend: vROps VM Performance Dashboard Deepdive)
MCL1202 – VMware DRaaS
MCL2768S – Dell APEX Cloud Services with VMware Cloud
MCL1453 – Introducing VMware Project Capitola
MCL2019 – What’s New:
APP1482 – Explore Tanzu Community Edition (How-to blog for Tanzu CE on MacOS: https://www.samakroyd.com/2021/10/06/tanzu-community-edition-on-macos/)
APP2183 – Introduction to Kubernetes for the vSphere Admin (also:
End User Services
EUS1289 – VDI Nerdfest 2021: Demos That Make Admins Drool
SEC1287 – Mount a Robust Defense in Depth Strategy Against Ransomware
vSphere Security Configuration guide
Birmingham AL VMware User Group Meeting – March 20, 2019.
– VMware Validated Designs quick talk – Michael Merritt, VMware TAM
– Cohesity sponsor talk – Derek Byrd, Cohesity SE
VMware Validated Designs:
https://cohesity.com – Meeting sponsor
#vmware #vexpert #vmug #vcommunity #vvd #cohesity
A frequent question when deploying vRealize Operations relates to correctly sizing the environment. An undersized vROps deployment will not perform optimally, and an oversized environment does not best utilize resources. VMware has a great new tool to make sizing a vROps installation painless:
Simply select the version of vROps, input the number of vCenters, hosts, clusters, VMs, etc., make the appropriate selections for data retention, and a sizing recommendation is provided:
I hope you’ll find this helpful for your next vROps deployment. You can also check your current deployment against this tool to determine if your vROps install may be under- or over-provisioned.